Re: iptables and mysql...
From: Crucificator (crucificator_at_home.ro)
Date: Tue, 06 Jul 2004 09:48:36 +0300 To: General Red Hat Linux discussion list <email@example.com>
Jason Dixon wrote:
> On Jul 5, 2004, at 1:43 PM, Crucificator wrote:
>> Jason Dixon wrote:
>>> On Jul 2, 2004, at 9:34 AM, bruce wrote:
>>>> i'm investigating what needs to be done to allow mysql on a server
>>>> to be
>>>> used remotely by client machines. each machine is running iptables.
>>>> so i'm
>>>> wondering what has to be in the iptables for the machine being used
>>>> as the
>>>> mysql server, as well as the client machines that will be
>>>> communicating with
>>>> the mysql box...
>>> If you're concerned with data sniffing in transit, you might also
>>> consider one of the following:
>>> - tunnelling your client connections through SSH
>>> - MySQL-4.x supports SSL connections with x.509 certificates
>> mostly when you put up a mysql server you need it for building
>> dynamic pages with php let's say. So when you do such thing you only
>> need to allow connections from localhost because connection is made
>> from server-side. If this doesn't apply to you then you should check
>> out stunnel.
> I suggest you reserve your comments for threads where you have
> sufficient experience. Most DBA's are probably giggling at your
> comment. Real web applications routinely (more often than not)
> segregate their data store on separate (redundant) servers. Using SSL
> connections in addition to x.509 certs provides not only encryption,
> but authentication as well.
> Jason Dixon, RHCE
> DixonGroup Consulting
Dear Jason, most NA are probably giggling at your comment. I currently
administer such a server wich serves tunneled dynamic HTTP for SQL for
42 locations country-wide. We DO NOT have redundant servers. Have you
heard of RAID solutions? And it saves bandwidth, time and money as well.
I believe the lack of experience lies elsewere...
-- redhat-list mailing list unsubscribe mailto:firstname.lastname@example.org?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list